ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why is my bank's secure website showing a grey triangle and exclaimation point while IE shows no problems with the security?

  • 6 ردود
  • 6 have this problem
  • 746 views
  • آخر ردّ كتبه firefoxfan1101

more options

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information". But when I open the same website in Internet Explorer there is no warning and it shows as being fully secured. The same thing happens intermittently when I browse to ebay's secure log in.

الحل المُختار

Note that Firefox shows warning messages in the Browser Console and in the Web Console

This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
Read this answer in context 👍 1

All Replies (6)

more options

Starting in version 36, Firefox no longer treats RC4 encryption ciphers as secure because they are breakable (i.e., a sophisticated attacker could decrypt the data you exchange with the server). Firefox does not have a specific message in the UI to let you know this, but if you look at the site in Google Chrome, click the padlock, and view the Connection information, you will see this specific issue mentioned there. (Screenshot attached for reference.)

more options

eBay, on the other hand, gives me a green lock. (Screen shot attached.) So that one is more alarming to me if you get a warning there...

Modified by jscher2000

more options

الحل المُختار

Note that Firefox shows warning messages in the Browser Console and in the Web Console

This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]
more options

cor-el said

Note that Firefox shows warning messages in the Browser Console and in the Web Console
This site uses the cipher RC4 for encryption, which is deprecated and insecure. www.huntington.com
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.[Learn More]

What this does not explain is what's actually going on.

As far as I know, if a website supports a wide range of encryption ciphers, in a specific order, the browser will use the best one first. There are still lots of browsers out there that only support RC4, so sites cannot really turn this off.

What I would like to know is, does the grey ! and the console warning mean that the site you are connecting to supports RC4, and therefore be careful, or that you are currently connected using RC4 cipher, which is very different indeed...

more options

wcndave said

What I would like to know is, does the grey ! and the console warning mean that the site you are connecting to supports RC4, and therefore be careful, or that you are currently connected using RC4 cipher, which is very different indeed...

It means the second one: Firefox couldn't connect with a cipher better than RC4 so that is what is in use.

Some servers actually offer only one cipher, probably for maximum backwards compatibility. You can use the following test page to see what ciphers are offered: https://www.ssllabs.com/ssltest/

more options

jeffk1 said

Every time I try to log in to my bank's secure website with Firefox at https://www.huntington.com/ I get a grey triangle icon with exclamation point and the message when I hover over is "This website does not provide identity information".

The huntington.com online banking site is currently using obsolete, substandard SSL security algorithms, which IMHO is completely inexcusable for a financial institution. I wrote a complaint to their security department at idtheft@huntington.com and highly recommend other customers complain loudly as well, to make this a higher priority for them.

Below is their response. It has the feel of a form letter and is not signed by the unnamed author.


From: <Mailbox-IDTheft@huntington.com> Subject: RE: Huntington.com website security question

We are dedicated to your online safety and security and use sophisticated technology to provide a secure online experience. However, we also continually strive to remain on the cutting edge of Internet technology which is why we are in the process of further strengthening our SSL security to meet the increased security requirements that Chrome and Firefox recently implemented.

IT Security Analyst

The Huntington National Bank 7 Easton Oval EA3W21 Columbus, OH 43219 huntington.com